You are responsible for your own Internet privacy

Stan Stahl knows about the shady world of high-tech security and false privacy. Stahl helped secure teleconferencing at the White House and the communications network controlling the country's nuclear weapons arsenal. CIO.com talks to Stahl about whether Internet privacy is even possible.

Bill Clinton's run for presidency nearly derailed when rumors surfaced that he had smoked marijuana during his time in England. In an effort to control the damage, Clinton admitted that he indeed experimented with the illegal drug but "didn't inhale." Imagine how history might have changed if a video of a glassy-eyed Clinton with a joint between his lips had shown up on Youtube (which, of course, didn't exist at the time).

Flash forward two decades, there's no place to hide anymore, no privacy. Compromising photos and videos shared online, surveillance cameras catching stupid acts, regrettable blog posts written during rebellious, youthful days, asinine comments on Facebook and Twitter, all can be unearthed -- the Internet remembers everything -- and undermine a person's reputation.

This begs the question: Can any millennial make it out unscathed and become the future president? "It's incredible, the world we live in," says Stan Stahl, chief information security officer of Private.me, a browser that keeps personal data private and secure.

We're right now at a nexus with Internet privacy. There's clearly a desire to share. The first generation was about sharing photos of, say, when you're at a party passing the bong around. Now people are saying, 'wait a minute.' Stan Stahl, Chief Information Security Officer of Private.me

Stahl knows all about the shady world of high-tech security, double-dealings and false privacy. The former math professor helped secure teleconferencing at the White House, databases inside Cheyenne Mountain, and the communications network controlling the country's nuclear weapons arsenal.

CIO.com talked with Stahl to get his take on the current state of Internet privacy.

CIO.com There's a lot of fear around Internet privacy. Can you help separate fact from fiction?

Stan Stahl: Back when I was in the aerospace industry and had top secret clearance, there was a saying, "Those who know don't talk, and those who talk don't know." I don't have a clearance anymore, and so I don't have any insight other than what's published publicly about Snowden and other cases. But one can read between the lines. The government clearly has the legal and technical capabilities to pretty much do surveillance on anybody who's not really careful about what they're doing.

Stan Stahl.

Even that might not be enough. One of the public stories is how the NSA compromised Tor (a government-funded online anonymity tool). Tor has been considered a kind of standard for anonymity on the Web. There's also potential that NSA paid RSA, and we don't know exactly what they got for their money. That's going to be deeply classified. It at least raises the suspicion that there may be backdoors to encryption products and identity products that the government will have access to.

We know the government buys zero-day exploits, some of those I'm sure are being used against ISIS in Syria and places like that, although again I'm not privy to that information. It would be naive of us to believe that this isn't also being used to target specific groups here in the states. They've got a ton of money and some really, really smart people -- I used to work with some of the brilliant NSA folks.

You have to start from the perspective that you have no real privacy.

CIO.com: That sounds pretty scary.

Stahl: There's this idea floating around that if you're not doing anything wrong, why should you care? I look at the other side of this. There's an article in the New York Times this month, "We Want Privacy, But Can't Stop Sharing," where the idea is, if you know that whatever you do is available out in the public domain, either through the government, Facebook or Google, you really begin to look over your shoulder. Are you willing to go to a demonstration for, say, the shooting in St. Louis of a young black man by an off-duty cop, if you know you're going to be surveilled? Even though you have a constitutional right, there's a chilling effect on people's behaviors whether or not they're doing anything wrong.

I'm old enough to remember Richard Nixon when he was president. HBO just did a special on the last Nixon tapes. Here was a president of the United States who, when a reporter, Dan Schorr, started pushing and probing around the Vietnam War, had his people get with the IRS to start auditing Schorr's tax returns. We have historical evidence in America that even doing legal things can result in intrusive government on you.

We're suspicious for good reason.

CIO.com: Do big corporations also violate user privacy?

Stahl: We know they're collecting whatever they can. The business model of the Internet is about collecting information and using this information for either marketing or sales purposes. Some of it is valuable. I shop on Amazon regularly, and it's nice that they keep track of what I shop for, because they make some good suggestions.

But when the government via subpoena gets that information or when Amazon sells it off, we don't have the right to limit what's being collected about us nor get the benefit financially. The common theme behind Occupy Wall Street and the Tea Party is that big government and corporations are in bed together.

Yes, we have the story of Yahoo pushing back when the government wanted access. But we've also got a history of the telecom providers and others rolling over when the government wanted all that information. If big corporations are collecting it, where's the privacy for us?

CIO.com: I've read contrasting reports about Millennials' views on privacy. Are they driving toward privacy? Or are they recklessly sharing personal information and pictures?

Stahl: Our kids are taking pictures and putting them on Snapchat, and god knows what kinds of photos. Snapchat is supposed to forget, but it looks like a third-party app connected into Snapchat didn't forget. Then there's the nude celebrity photos.

We're right now at a nexus with Internet privacy. There's clearly a desire to share. The first generation was about sharing photos of, say, when you're at a party passing the bong around. Now people are saying, 'wait a minute.' When I read about Millennials and privacy, it seems reasonable to me they're like the canary in the coal mine. They're seeing this challenge and reacting to it.

The Snapchat story and others like it tip the scales toward the millennial desire for increased privacy. I don't know the innards of Snapchat, but this idea of a photo being only available for a certain time and then forgotten -- what if you hack the servers so that everything flowing through it gets copied off to another device? That's what happened to Target with all that credit card info. RAM scrapers were siphoning it off and sending it somewhere else.

CIO.com: Do you foresee the United States following in the European Union's footsteps with its "right to be forgotten" efforts?

Stahl: I have real technical questions on the "right to be forgotten," with things like the Wayback Machine. How do you get it out of those kinds of places? There's a recent report of a thousand people asking Google to forget them, and Google has complied with 42 percent of the requests. What about the other 58 percent? If you have the right to be forgotten on Tuesday, what about Wednesday? What you do on Wednesday might not necessarily be forgotten. We have to work through what the right to be forgotten really means.

CIO.com: Is privacy even possible? How are you getting around these challenges?

Stahl: It's a hard problem. We're really working hard at building infrastructure in a way that, even if it's hacked, information is still kept private. Part of the secret sauce is the idea that any information coming into Private.me gets split up into pieces at the user browser level and sent to different servers. Then it takes pulling all the pieces together from the different servers to get something that is meaningful.

CIO.com: I'm guessing you have a very diminished digital footprint, right?

Stahl: Actually, I don't. I'm very careful on the financial side of my digital footprint. But I'm also in business, so I Tweet, blog, give talks regularly and mostly over the Internet, my company has a presence on the Web. I pay attention to what matters, from a privacy perspective, and what doesn't. It's our responsibility to take care of our own privacy.

The Internet is the greatest invention perhaps since the printing press. Just look at the great and wonderful things we can do with it. The fact that we can do online banking is wonderful. But everything has unintended consequences; there's always a dark side.

CIO.com: Will your behavior change if you're at a bar and somebody is wearing Google Glass?

Stahl: Oh god. Stay tuned for that one.

This story, "You are responsible for your own Internet privacy" was originally published by
CIO.